[Update]: Department Of Homeland Security Investigating PSN Debacle

This debacle has apparently gotten big enough for the government to take notice, as the Department of Homeland Security is now investigating the matter. "The Department of Homeland Security is aware of the recent cyber intrusion to Sony's PlayStation Network and Qriocity music service," says spokesman Chris Ortman. "DHS' U.S. Computer Emergency Readiness Team (CERT) is working with law enforcement, international partners and Sony to assess the situation."

Similar government departments in Australia are also looking into the matter.

Hackers that claim to have the stolen PSN data are attempting to sell credit card information on several message boards. They claim to have names, addresses, phone numbers, email addresses, birth dates, and full credit card information (number, expiration, and security code) for sale. TrendMicro security expert Kevin Stevens says that they offered to sell the information back to Sony, but the company refused.

Stevens also says that 2.2 million credit cards are included in the database. Reports of fraudulent charges have been popping up on Twitter, on message boards, and in the inboxes of gaming journalists. There's no way to know for sure whether these claims are true, and even if they are there's no way to determine if they're tied to the PSN breach.

Sony has officially acknowledged that the recent security breach of PSN by hackers has likely resulted in the theft of PSN account users' profile info, and perhaps even credit card information.

The official Sony PlayStation Blog reads in part:

"Valued PlayStation Network/Qriocity Customer:We have discovered that between April 17 and April 19, 2011, certain
PlayStation Network and Qriocity service user account information was
compromised in connection with an illegal and unauthorized intrusion
into our network. In response to this intrusion, we have:1. Temporarily turned off PlayStation Network and Qriocity services;2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and3. Quickly taken steps to enhance security and strengthen our network
infrastructure by re-building our system to provide you with greater
protection of your personal information."

As far as what those responsible may have gained, the statement details a list including your name, address, PSN/Qriocity account info – and possibly your credit card info.

"Although we are still investigating the details of this incident, we
believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip),
country, email address, birth date, PlayStation Network/Qriocity password
and login, and handle/PSN online ID. It is also possible that your
profile data, including purchase history and billing address (city,
state, zip), and your PlayStation Network/Qriocity password security
answers may have been obtained. If you have authorized a sub-account for
your dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit card
data was taken, we cannot rule out the possibility. If you have provided
your credit card data through PlayStation Network or Qriocity, out of
an abundance of caution we are advising you that your credit card number
(excluding security code) and expiration date may have been obtained."

Finally, Sony says, "We have a clear path to have PlayStation Network and Qriocity systems
back online, and expect to restore some services within a week."

[Original Story]: Playstation Network users have been left in the dark for days now, and Sony has acknowledged that the shutdown has everything to do with hackers. However, they've made no mention of who's to blame or what the hacking hoped to accomplish. Web group Anonymous previously announced intentions to attack PSN, but are denying involvement with this incident. Today, a user on Reddit claims to have knowledge of the specifics.

User chesh420 says he's a moderator at PSX-Scene.com, and the shutdown can be traced to a custom firmware that allowed users to validate fake credit card numbers on what PSN deemed to be a secure network. Here's the entirety of his post (all spelling in context):

Ok, I've seen a bunch of speculation of why people think PSN is down, and I thought I should just post what the community knows in comparison to what Sony is telling everyone. The truth is, there was a new CFW (custom firmware) released known as Rebug (link omitted). It essentially turns a retail console into a dev console (not fully, but gives you a lot of the same options that usually dev's only have access to). Anyway, this new CFW was quickly figured out to give CFW users access to the PSN network again via the dev networks. With a little manipulation of the URL's through a proxy server you could get your hacked console back online. Not that big of a deal, right? Well, it also turns out that some people over at NGU found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony's private developer PSN network (essentially a network that Sony trusted). What happened next was extreme piracy of PSN content. Sony realizing the issue here shut down the network. Now, before you go freaking out about the latest information posted about Kotaku, no ones personal information was accessible via this hack. Not to say they couldn't get it, but no one is admitting to it being available. Anyway, that's the real reason for the PSN downtime. Sony is now rebuilding all of it's PSN servers to be more secure and (hopefully) make sure the CFW users cannot get online anymore.

It would take something major for Sony to shut down the entirety of their network, and a custom firmware that allowed for rampant pirating is obviously reason for concern. Take this with a grain of salt, as we have no way of verifying whether this Reddit user has an inside track or not. We've reached out to Sony for comment and will let you know if we hear anything.

UPDATE: We received a response from Sony, which you can read below

We are currently investigating, including the possibility of targeted behavior of an outside party. If this is indeed caused by such act, we want to once again thank our customers who have borne the brunt of the attack through interrupted service. Our engineers are working to restore and maintain the services, and we appreciate our customers' continued support.

Now that I fully understand what the reality of the situation is, I will become a little more patient. I just hope sony can get it back up soon, but best of luck to them. I hope the hackers realize that they affected millions of people, not just sony.

It's not really a big deal the network is down but this hacking business has gone too far. Geohot and anonymous are egotistic retards that have single handedly ruined portions of gaming for millions of PS3 users. I cannot begin to explain my livid frustration for these spineless pieces of hot garbage but really? Why ruin it for everyone else? especially the innocent ones caught amongst the collateral damage.
I remember in 08' LIVE was down for a few weeks, was that a maitenance thing or a hacker issue as well?

They should have done this from the beginning when geohotz started it all instead of throwing out an "oh we took care of it" security patch. Its just becoming an annoyance at this point. Gives me time to play single player campaigns.

Now that I fully understand what the reality of the situation is, I will become a little more patient. I just hope sony can get it back up soon, but best of luck to them. I hope the hackers realize that they affected millions of people, not just sony. And at least it gives me A LOT of time to stock up on my trophys. And finally beat the black ops campaign...

Now that I fully understand what the reality of the situation is, I will become a little more patient. I just hope sony can get it back up soon, but best of luck to them. I hope the hackers realize that they affected millions of people, not just sony. And at least it gives me A LOT of time to stock up on my trophys. And finally beat the black ops campaign

i'm skeptical. i was having serious connection issues on psn (not internet or xbl btw) a week prior to the shutdown, as were many others. this breach does not seem capable of contributing to that type of issue, as opposed to an external attack on the servers. could be wrong. i'm no expert. but this just seems like smoke.

I say those people responsible be banned from the internet for life. Imagine if it were some vital life threatening network they hacked into for kicks or to not pay. what would happen to those in the crossfire?

Stupid hackers ruin my good time again. While this may be true and as others have said, I had been having trouble connecting and staying connected for about a week before they shut down the servers so I'm not completely sure I buy into this reason. I do feel, however, that Sony should give some reason to the faithful users who use their services.

Again, greed wins over all. Greedy people will go out of their way to act our their greedy fantasy's. These people are without a soul, so to them stealing money from hardworking developers is no more serious than picking a penny off the street.
They should all be thrown away in a jail and forgot about. Until the courts do something drastic to these people, their greed will always win. Lock them up and throw away the key.